13 Aug 2019

UN Probing 35 North Korean Cyberattacks in 17 Countries

The United Nations (UN) is investigating at least 35 cyberattacks in 17 countries that are believed to be the work of hackers working for the North Korean government, an extended version of a recent UN report shows. A summary of the report released last week mentioned that Pyongyang has used

Read More
13 Aug 2019

FBI proposal outlines plans for large scale collection of social media data

A new report by the Wall Street Journal indicates that plans by the US Federal Bureau of Investigation (FBI) to increase its monitoring of social media platforms in order to better anticipate and detect threats, may conflict with the privacy policies of Facebook and “possibly its attempts to comply with

Read More
13 Aug 2019

Cloud Atlas threat group updates weaponry with polymorphic malware

Researchers with Kaspersky labs have uncovered a new attack campaign by the advanced persistent threat (APT) group Cloud Atlas (aka inception). The attacks rely on polymorphic malware that makes changes to its code for every infection in order to avoid detection by signature-based security solutions. The campaign targets the “international

Read More
13 Aug 2019

Hackers Can Turn Everyday Speakers Into Acoustic Cyberweapons

New research by PWC UK shows that the capability of many commercial speakers to emit frequencies outside the range of human hearing can enable hackers to turn these devices into acoustic weapons that produce inaudible sound or audible noise at high intensity. The study found that it is relatively simple

Read More
13 Aug 2019

4G Router Vulnerabilities Let Attackers Take Full Control

Researchers with Pen Test Partners have found severe flaws in a range of 4G routers from different manufacturers that can result in memory leaks or remote command execution. While the vulnerabilities are very serious, the researchers say they found them “without having to do too much work.” After Pen Test

Read More
13 Aug 2019

Unsolicited Blank Emails Could Portend BEC Attacks

If one or more employees in an organization receive an unsolicited blank email, this may mean that the company will soon be targeted in a business email compromise (BEC) scam campaign, Agari researchers warn. The company has been tracking various BEC scam groups and discovered that these threat actors often

Read More
13 Aug 2019

Researchers Show How SQLite Can Be Modified to Attack Apps

Check Point researchers have developed a new attack technique that takes advantage of memory safety issues in the widely used SQLite database engine. It allows attackers to execute commands in applications that rely on the engine for data storage. The discovered flaws represent a very serious threat because SQLite is

Read More
13 Aug 2019

4 Dating Apps Pinpoint Users’ Precise Locations – and Leak the Data

Researchers with Pen Test Partners have discovered that four popular dating apps with a total of 10 million users leak location data that can be used to track people almost in real-time. The researchers have developed a tool that combines location information from Grindr, Romeo, Recon and 3fun, and uses

Read More
12 Aug 2019

Researchers find security flaws in 40 kernel drivers from 20 vendors

Security researchers at Eclypsium have discovered major security vulnerabilities in over 40 kernel drivers from 20 different hardware vendors. The flaws are the result of poor software design choices and allow applications with limited privileges to use driver functions in order to perform malicious actions that can impact highly sensitive parts

Read More
12 Aug 2019

Repurposing Mac Malware Not Difficult, Researcher Shows

New research by Patrick Wardle, a Mac security researcher at Jamf, shows that it is relatively easy for skilled threat actors to repurpose known malware and to make sure that signature-based security solutions will no longer detect it. While writing powerful malware from scratch is a significant undertaking, it is

Read More